ipsec: TTL only applies for GRE interfaces and not VTI
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 9 Jan 2019 18:56:01 +0000 (19:56 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/scripts/ipsec-interfaces

index 521bf54..79f5e7d 100644 (file)
@@ -83,13 +83,19 @@ main() {
                        local args=(
                                "local" "${vpn_ip}"
                                "remote" "${righthost}"
-                               "ttl" "255"
                        )
 
-                       # Add key for VTI
-                       if [ "${interface_mode}" = "vti" ]; then
-                               args+=( key "${id}" )
-                       fi
+                       case "${interface_mode}" in
+                               gre)
+                                       # Add TTL
+                                       args+=( "ttl" "255" )
+                                       ;;
+
+                               vti)
+                                       # Add key for VTI
+                                       args+=( "key" "${id}" )
+                                       ;;
+                       esac
 
                        # Update the settings when the interface already exists
                        if [ -d "/sys/class/net/${intf}" ]; then